How to Avoid Big Brother's Gaze
Deciding on the level of encryption you should be using requires careful consideration.
Thu, June 13, 2013
The revelations about the National Security Agency's Prism program have had many people thinking about George Orwell's dystopian novel, 1984. A lot of pixels and ink have been devoted to questions about the rightness or wrongness of Edward Snowden's decision to unmask the program and the relative importance of privacy vs. security. I'll leave those questions to others and instead focus on what we all can do to better protect our online activities from prying eyes.
The first thing that probably comes to mind when thinking about privacy in communications is encryption. That means either private-key (symmetric) or public-key (asymmetric) encryption algorithms and tools. In both cases, the important thing is key management: Who generates the keys? How are keys exchanged? Who controls the keys? In other words, what is our basis of trust?
As a general rule, I favor the approach that gives the end user the greatest control feasible and dislike systems in which the keys are generated and/or managed by other entities. These are the ones that are least likely to be subverted by folks who wish to intercept our private communications -- although I should stress there are no guarantees.
There are other issues to be concerned with, of course. Cost is one. Scalability is another. If you need only communicate within a small community of users, your options are quite different than if you need to communicate within a large community.
Case in point: AES (a symmetric algorithm) is believed, within the crypto community, to be very strong. For a very small community of people that needs to securely communicate, AES-256 with a preshared encryption key is quite strong, as long as the key itself is strong and is never communicated in plain text. (I'm very much simplifying a complicated set of problems, but bear with me.)
But that preshared-key approach is unwieldy for a large community. That's where public-key systems are useful.
With those basics in mind, let's consider what's available. For starters, you should only connect to a network other than your own using strong VPN (virtual private network) tools. There are many free or very inexpensive options available for this, but you want one that uses robust mutual authentication: preshared keys for small groups, certificates for larger groups. Those connections should be to specific IP numbers so that DNS-based attacks can't fool your systems. And the certificates must be rigorously validated (e.g., with certificate pinning, or with the public certificates statically installed on client and server endpoints).